
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

Results: 853 codeql issues

Bumps [rayon](https://github.com/rayon-rs/rayon) from 1.10.0 to 1.11.0. Changelog Sourced from rayon's changelog. Release rayon 1.11.0 / rayon-core 1.13.0 (2025-08-12) The minimum supported rustc is now 1.80. iter::repeatn has been renamed to...

dependencies
QL-for-QL

Bumps [actions/labeler](https://github.com/actions/labeler) from 4 to 6. Release notes Sourced from actions/labeler's releases. v6.0.0 What's Changed Add workflow file for publishing releases to immutable action package by @jcambass in actions/labeler#802 Breaking...

dependencies
github_actions

Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 4 to 5. Release notes Sourced from actions/setup-dotnet's releases. v5.0.0 What's Changed Breaking Changes Upgrade to Node.js 24 and modernize async usage by @salmanmkc in actions/setup-dotnet#654 Make...

dependencies
github_actions

We have developers trying to run codeql in a container from their macs. The container is important to testing, and we don't want to run codeql outside of it. Codeql...

question

**Description of the false positive**

```
Incomplete string escaping or encoding
This does not escape backslash characters in the input.
```

```ts
part = `"${part.replace(/"/g, '\\"')}"`;
```

This is intentional,...

false-positive

This PR resolves most of the FPs I found in the SSRF query.

C#
documentation

**Description of the false positive** https://github.com/PowerDNS/pdns/pull/16363#discussion_r2455671092

> This expression has no effect (because sendUDPResponse has no external side effects).

codeql appears to have found https://github.com/PowerDNS/pdns/blob/dec9583d885713a0d0ecb55a74ef83cde5f8a235/pdns/dnsdistdist/test-dnsdist_cc.cc#L83 (which is indeed side effect...

C++
false-positive

Hello CodeQL team, I see that the documentation currently states that “C++20 modules are not supported.” I’d like to ask if there is any ongoing work or roadmap item planned...

question

**Description of the issue** How do I get the type of an expression in Rust? For example, I want to constrain this to only accesses on string-like expressions. ```ql private...

question
Rust